Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

recent certificate errors: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate #43024

Open
2x2xplz opened this issue Aug 12, 2020 · 0 comments
Open

recent certificate errors: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate #43024

2x2xplz opened this issue Aug 12, 2020 · 0 comments
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-io

Comments

@2x2xplz
Copy link

2x2xplz commented Aug 12, 2020 

• Flutter version 1.17.5 at C:\Langs\Flutter
• Framework revision 8af6b2f038 (6 weeks ago), 2020-06-30 12:53:55 -0700
• Engine revision ee76268252
• Dart version 2.8.4
developing on Windows 10-64, testing on Android 6.0 device

Currently building a Flutter app with Dio and the default HttpClient. Recently multiple sites started choking with the following error:
HandshakeException: Handshake error in client (OS Error: CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))

These sites worked ok, without error, a few weeks ago. Perhaps an upgrade of Flutter or the SDK added more restrictions to valid certificates?

I have searched through the repo for similar reports as well as the general internet. unable to get local issuer certificate is often caused by the web server failing to send intermediate certs. I'm not sure if that's the case here.

One site's cert is issued by GeoTrust RSA CA 2018 which is authorized by DigiCert Global Root CA
Another site's cert is issued by Go Daddy Secure Certificate Authority - G2 which is authorized by Go Daddy Root Certificate Authority -- G2

Both Chrome and Firefox claim the sites are secure, there is no complaint about missing certs, the browsers include the full chain. The sites use either TLS 1.2 or 1.3 so it's not an old version.

image
image

I do not have any proxy or firewall set (seen that as a remedy in other threads). Many other sites work fine, no Handshake error. It's possible to workaround by replacing the default HttpClient with one that allows bad certs ( client.badCertificateCallback = (cert,host,port) => true ) but this is not ideal.
@mit-mit mit-mit added the area-vm Use area-vm for VM related issues, including code coverage, FFI, and the AOT and JIT backends. label Aug 12, 2020
@rmacnak-google rmacnak-google added area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-io and removed area-vm Use area-vm for VM related issues, including code coverage, FFI, and the AOT and JIT backends. labels Aug 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-io
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rmacnak-google @mit-mit @2x2xplz